Global Distinction: Harris Floridis, the Cypriot security researcher who identified and published a weakness of high importance at Check Point!
In an exclusive today, SecNews highlights the discovery of a critical weakness at Check Point, a leading security company worldwide, by a Cypriot researcher!
The weakness on the Check Point website
As it turned out, exploiting the weakness found by Mr. Harris Floridis allowed an outside malicious attacker, with zero knowledge of the company's internal infrastructure, to intercept or alter critical information. According to distinguished researchers who spoke with SecNews, use of the weakness could have incalculable consequences, exposing the company to its customers both on confidentiality and legally, and above all dealing a blow to the company's reputation.
The vulnerability was due to an incorrect parameter on the subpage that lists the company's partners around the world, specifically here (http://partners.us.checkpoint.com/partnerlocator/).
Partial exploitation of the weakness enabled the attacker to gain access to the Check Point database, with the possibility of extending that access further. Evidence of the existence and use of the weakness is in the possession of the researcher and the company. The company confirms this accessibility, as shown in the relevant announcement, which however does not publish the exact details so as not to damage its reputation.
In addition, SecNews has data that confirm the existence and use of the weakness but is not making them public, since they include details of the Check Point client on whom the tests were carried out.
A few words about the researcher
The plan to solve the weakness
Fully following the ethics of "Responsible Disclosure of Vulnerabilities", Mr. Floridis put forward specific suggestions for its immediate resolution and proposals for further investigation of possible incidents.
When we contacted Mr. Harris Floridis, he told us that this extremely critical weakness was identified manually, without the use of automated tools. It is well known that penetration testers of high prestige and knowledge choose manual methods based solely on their own knowledge. After all, relying on automated tools often makes it impossible to detect and exploit vulnerabilities (due to the limited checks they perform).